CVE-2026-21643

Rinki Singh — Mon, 09 Feb 2026 12:15:05 +0000

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Version Impacted

Version	Affected	Solution
FortiClientEMS 8.0	Not affected	Not Applicable
FortiClientEMS 7.4	7.4.4	Upgrade to 7.4.5 or above
FortiClientEMS 7.2	Not affected	Not Applicable

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

https://nvd.nist.gov/vuln/detail/CVE-2026-21643

CVE-2026-21643 - Common Vulnerabilities and Exposures

CVE-2026-21643

Description

References